Configuring source IP-based SNMP login control – H3C Technologies H3C SecPath F1000-E User Manual
Configuring source IP-based SNMP login control
You can log in to the NMS to remotely manage the devices. SNMP is used for communication between
the NMS and the agent that resides in the device. By using an ACL, you can control SNMP user access
to the device.
Before configuration, determine the permitted or denied source IP addresses.
Configuring source IP-based SNMP login control
Basic ACLs match the source IP addresses of packets, so you can use basic ACLs to implement source
IP-based login control over NMS users. Basic ACLs are numbered from 2000 to 2999. For more
information about ACLs, see Access Control Configuration Guide.
To configure source IP-based SNMP login control:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Create a basic ACL and enter its view, or enter the view of an existing basic ACL.
    Command: acl [ ipv6 ] number acl-number [ name acl-name ] [ match-order { config | auto } ]
    Remarks: By default, no basic ACL exists.

Step 3. Create rules for this ACL.
    Command: rule [ rule-id ] { permit | deny } [ source { sour-addr sour-wildcard | any } | time-range time-name | fragment | logging ]*
    Remarks: N/A

Step 4. Exit the basic ACL view.
    Command: quit
    Remarks: N/A

Step 5. Associate this SNMP community with the ACL.
    Command: snmp-agent community { read | write } community-name [ acl acl-number | mib-view view-name ]*
    Remarks: You can associate the ACL when creating the community, the SNMP group, and the user. For more information about SNMP, see System Management and Maintenance Configuration Guide.

Step 6. Associate the SNMP group with the ACL.
    Command: snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
    Command: snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]

Step 7. Associate the user with the ACL.
    Command: snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]
    Command: snmp-agent usm-user v3 user-name group-name [ [ cipher ] authentication-mode { md5 | sha } auth-password [ privacy-mode { 3des | aes128 | des56 } priv-password ] ] [ acl acl-number ]
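
A worked run of steps 1 through 7, added here as an illustration and not taken from the H3C manual. The addresses (192.0.2.10 and 198.51.100.0/24), ACL number 2000, the names EXAMPLE-RO, nmsgroup and nmsuser, and both passwords are constructed placeholders; the Sysname prompts follow the usual Comware convention.

```text
# Steps 1-2: enter system view and create basic ACL 2000.
# match-order config evaluates rules in the order they are configured.
<Sysname> system-view
[Sysname] acl number 2000 match-order config

# Step 3: permit one NMS host (wildcard 0 matches the exact address)
# and one management subnet (wildcard 0.0.0.255 matches 198.51.100.0/24).
[Sysname-acl-basic-2000] rule 0 permit source 192.0.2.10 0
[Sysname-acl-basic-2000] rule 5 permit source 198.51.100.0 0.0.0.255

# Explicit final deny, so the outcome for every other source is written
# in the ACL itself instead of depending on the default action.
[Sysname-acl-basic-2000] rule 10 deny source any

# Step 4: leave the basic ACL view.
[Sysname-acl-basic-2000] quit

# Step 5: read-only community, reachable only from sources ACL 2000 permits.
[Sysname] snmp-agent community read EXAMPLE-RO acl 2000

# Step 6: SNMPv3 group requiring authentication and privacy, bound to the ACL.
[Sysname] snmp-agent group v3 nmsgroup privacy acl 2000

# Step 7: SNMPv3 user bound to the same ACL. Of the options the command
# offers, sha and aes128 are the stronger choices over md5, des56 and 3des.
[Sysname] snmp-agent usm-user v3 nmsuser nmsgroup authentication-mode sha EXAMPLE-AUTH-PW privacy-mode aes128 EXAMPLE-PRIV-PW acl 2000
```

Binding the ACL at all three levels (community, group and user) keeps the source restriction in force whichever SNMP version the NMS uses.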